Cyber attacks are becoming increasingly sophisticated as threat actors continuously evolve their tools and tactics. 

They leverage advanced technologies, use social engineering techniques, and collaborate in sophisticated cybercrime networks.

The real estate and utilities industries have seen a noticeable increase in intrusions over the last three months, according to the recent study report shared with the Cyber Security News (CSN) team from CYFIRMA.

Past 90 Days in Numbers

Real estate and utilities appeared in 13 of the 59 observed campaigns, accounting for 22% of the total, lower than industries with greater appeal to nation-state threat actors.

Besides this, the Chinese cyber activity also surged with Barracuda ESG vulnerability use. However, no new real estate or utilities victims have been observed in these campaigns since then.

Here below, we have mentioned all the involved threat actors:-

Real estate and utilities draw both financially motivated and nation-state actors. Europe, potentially targeted by Russian-linked threat actors amid the Ukraine conflict, experiences the highest attack activity.

Cyberattacks primarily target web applications and operating systems across industries, with instances of compromised VPN and application infrastructure.

Phishing attacks

This report excludes internet service providers from the analysis, focusing instead on water and energy utilities. Phishing lures targeting utilities are highly localized, deterring threat actors seeking broader targets.

CYFIRMA’s telemetry detected only 42 phishing attacks targeting utilities and none related to real estate in the past 3 months, with a primary focus on broader phishing campaigns.

Impersonated brands

Here below, we have mentioned all the real estate and utilities industry brands that are impersonated:-

• Pkn Orlen
• Swiss Office of Energy
• ENEL Energia S.P.A
• Polska Grupa Energetyczna

ASN telemetry revealed PKN Orlen phishing linked to the USA, while the Swiss Office of Energy had Swiss roots, and Italian Enel Energia and Polska Grupa Energetyczna traced back to German ASN, indicating an international PKN Orlen campaign versus local cybercriminals.

CYFIRMA found 117 ransomware victims in real estate and utilities in the last 90 days, 7.4% of 1,579 incidents, with a sharp rise in August.

Lockbit3’s August surge leads, driven by Cl0p (+Torrents), while 8base with ALPHV and Akira maintain steady numbers. The top 5 gangs make up 59% of victims, but smaller groups still cause significant harm.

Out of 45 active gangs, 29 targeted real estate and utilities, with Cl0p showing minimal interest in this sector.

Victims Targeted

The United States leads with 65 out of 112 victims, highlighting global ransomware threats that know no boundaries, as cyber attackers target vulnerable organizations worldwide.

Nation-state APTs show limited interest in real estate and utilities, mainly focusing on energy, notably in Europe in the middle of the Ukraine-Russia conflict.

Real estate and utilities lack appeal for widespread phishing due to localized fragmentation. Lockbit3 is the top gang, while Cl0p has fewer victims in this industry. However, besides this, the real estate developers and construction businesses are the most affected sectors.

Protect yourself from vulnerabilities using Patch Manager Plus to quickly patch over 850 third-party applications. Take advantage of the free trial to ensure 100% security.